Follow GFI:
Find us on Facebook Follow us on Twitter Find us on Linkedin Subscribe to our RSS Feed Find us on YouTube Find us on Google+
 

The Dangers of Social Networking

on October 22, 2009

Social sites such as Facebook and MySpace are a big hit nowadays; not just with the young generation but with people of all ages. It’s an amazing platform for people to connect but it certainly isn’t without its dangers.

As with all things in life, there are dangers and then there are dangers. Recently I was faced with some of the worst dangers that these social sites can generate.

The Perils of Social Networking Love

A friend of mine who knows that my line of work involves internet security came to me with a problem she faced. A friend of hers met a guy from a different country on one of these social networks and fell in love with him over time. It might be important to note that it was the guy who initiated the contact. That’s generally great; however, my friend is afraid that he may be trying to play her friend and after hearing the story I think she is quite right to be worried, so much so that I believe it’s even worse than what she was initially suspecting.

The first red flag was raised when this guy said that he really wants to meet her but unfortunately needs a large sum of money in order to get a visa to visit the country. Classic dating scam. Luckily the sum which he said he needed was so large that she couldn’t afford it, because if she did it is quite likely that she would have sent it over without a second thought.  As if that wasn’t enough proof of this person’s malicious intent, another girl contacted my friend’s friend and told her about her bad experience with this person and cautioned her to be careful. However, when confronted with this information, the potentially malicious person said that he used to date the girl who had contacted her but had left her a while ago and now she just wants revenge. The girl believed his story even in light of the earlier scam attempt.

However what really got me worried was what came next. This guy suggested that they should meet in a different country and get married there. The biggest problem here is that, as far as I could tell from my research, the country which he suggested and the home country of this girl has the same exact same visa requirements. Actually the country which he suggested requires extra monetary guaranties that he would need to fulfill, which he wouldn’t need to for a visa in the girl’s country of residence. What’s a lot worse is that the country which he suggested is pretty well known for human trafficking.

And this had a profound effect on me because the first thing that went through my mind is one of the first things that you’re taught in security i.e. never think that it cannot happen to you. I honestly admit that my first thought was that it couldn’t possibly be that bad, I was just being paranoid.  But then my security instinct kicked in and I decided that it’s better to be safe than sorry so I told my friend what I was suspecting – that this guy tried to scam the girl, but because she wasn’t rich enough to satisfy his scam, he might be going to plan B which is to try to sell her instead. I didn’t take this decision lightly; I know my friend came to me to ease her worry primarily and I was about to make it a lot worse but I dreaded the consequences which would be a lot worse, if it turned out that I wasn’t being paranoid after all.

After a lot of effort we managed to convince the girl not to travel to meet him, however she still insists that he is genuine. Yes, she still thinks that she wasn’t being scammed when he asked her for money.

Protecting yourself against social engineering scams

That’s my story so far, so now let’s concentrate on the essence of it. Even if this was all a misunderstanding the risk is real. Social networking is always a great tool for social engineers. Knowledge is power and this is especially true when it comes to social engineering. The more the social engineer knows about his victim, the more likely he is to be successful in his schemes. I am generally against monitoring and restricting but stories like this make me stop and think whether it is the right thing to do after all.

What if this sort of thing were to happen to my children? What if s/he falls in love with a person of malicious intent? We all know how dangerous strong emotions can be, trying to save her/him once s/he is deeply in love will be impossible and the more you try to do to convince her/him of the mistakes s/he might be doing, the more likely it is  to drive him/her away. What’s worse is that even if you manage to expose the scam the emotional impact will certainly be devastating at this stage. On the other hand the only other option would be to switch to a 1984 state of affairs and rigorously monitor any and all communications. Both are obviously wrong.

And this is not just for your household; the same applies to the workplace. Over monitoring your network will have detrimental effects on the employees’ morale, and might even be illegal in some cases. However even if it were legal, would you want to monitor your employees’ communication on social sites? What about private emails? The obvious, safer solution is to disallow these sites however this will have a detrimental effect on morale too.

I guess in both personal and professional scenarios your best bet would be education. Although it will not be 100% effective, some people claim that it’s not effective at all, it will hopefully make people question such events if they are aware of the risks. On the other hand, in cases such as a dating scam, the request for money will happen when it’s too late, as the person will already be too hooked to second guess anything so education is unlikely to work here.

Who’s really lurking behind that profile page?

The dating scam is just one of the scams that are happening via social networking. I have heard on a first hand basis of people being scammed for many things. Malicious people making friends with victims and after a while say that they have to drop out of school because they can’t afford it. In some cases the victims themselves offer to help out financially and are thus scammed of their hard earned cash without  even having to be asked to hand over money. At the end of the day social networking is a haven for con artists. Con artists can befriend their victims very safely. You become friends to a profile in essence and there is no guarantee that the profile has any truth to it whatsoever. If a con artist is patient he can build a good trust relationship and then spring any number of traps – from fake lucrative investment schemes to a great opportunity that cannot be passed by.

Finally I caution you to not make the classic mistake of thinking that this could never happen to you or your loved ones. I urge you to always be on guard. Furthermore it might be a good idea to warn friends and family about the dangers of social networking. When I explained the dating scam/human trafficking risk to my friend her answer was, ‘I didn’t know that this happens on the internet’ which is a common and ultimately understandable stance. People who aren’t in IT wouldn’t automatically think of these issues unless they experience them firsthand and by then it will be too late.

What do you think? I would love this to turn into a debate on the different views regarding social networking. Which method would you choose to protect yourself and others, both at home and professionally? Do you think that the blocking option is the right way to go? Monitoring perhaps? Or do you believe that education is effective enough to be the only safety mechanism in place?

 
Comments
John Mello October 23, 200910:33 pm

This story about your friend is a sad one and very illustrative of the dangers of joining social networking sites outside the workplace. For employers who allow social networking in the workplace, the dangers are also dire. More and more employment lawyers are advising companies to shut down access to services like Facebook and Twitter and recommending that managers be warned about establishing “friendships” with subordinates off the cube farm. Managers wanting to build team morale by cultivating online friendships with their co-workers are exposing their companies to all kinds of legal problems such as harassment, discrimination or wrongful termination lawsuits, as well as complaints of favoritism if some employees are befriended while other are not. What’s more, if a worker confesses some indiscretion, like being high at work, or makes racist or sexist comments about co-workers on a social networking site, a manager will have to turn from friend to “rat” or risk jeopardizing his or her job for not reporting the behavior. This is a real can of worms.

Emmanuel Carabott October 26, 200910:53 am

Hi John, Thanks for you comment and I totally agree with the can of worms comment you posted. It really gets complicated considering freedom of speech, jurisdiction of company on things that happen outside working hours and company liability about things an employee does or says outside of the same working hours.

On the other hand employees will generally not like a company telling them what to do, or how to behave outside working hours, so it really is a complicated matter.

Some employees on the other hand should really be more considerate of what they’re doing. There have been numerous stories about how people generally don’t give a moment’s thought to their use of social networking sites. Stories such as employee bragging about how drunk they got the day before and obviously getting fired for taking sick leave. Even worse, employees accepting friend requests by their boss and then speaking out against him/her! It really amazes me! It really seems that some people never consider the medium they are using, the audience they will have and the repercussions of what they’re going to say. That in itself would make anyone a security risk to any company!

In fact maybe in a twisted way a company could use this as a tool to measure the trust-ability of an employee. However, although I am not an employment lawyer obviously, it’s quite possible that this may not be a legal thing to do. Just think how it might be a useful way to see how considerate an employee really is regarding sharing of information.

David Kelleher October 27, 200912:46 pm

What is even more irritating is the fact that employees see these warnings as nothing but an attempt by companies to sell filtering software. The Telegraph in the UK (http://www.telegraph.co.uk/technology/twitter/6418567/Twitter-costs-British-economy-1.38bn.html)reported this week that Twitter is costing the UK over STG1.38 bn. The comments posted in reply reflect many computer users’ attitudes towards security and any attempts to improve it. People are only concerned about their presumed ‘right’ to do what they want on the company’s computer and time.

Emmanuel Carabott October 28, 20099:56 am

As David said, this is exactly where education comes in. If a company simply puts in a policy to deny social network access it is going to have a strong reaction from its exployees. In some cases it will be quite understandable too. If employees really are putting in a lot of extra hours and spending only a fraction of that on social sites they will understandably be angry if they think access is being restricted so that they don’t waste company time. However if they are taught about the dangers and explained the reasons of the policy they might be more receptive to the idea and respectful of it. Well, some of them will; obviously you will always have those few who will not believe anything told to them but it might avoid some of the strong reactions such as those seen in the article that David shared.

KPO Services July 12, 201011:16 am

This post was well worth the read. Be acutely aware of the hazards of Social Networks. Always remember what is possible online. As with most things in life there are opportunities and there are risks; however eliminate needless risk. There is never a need to share private confidential information online. Use social networks to share and promote ideas. Be a giver but don’t give what you wouldn’t want just anyone seeing in public just by looking over your shoulder or seeing into your home or bedroom.

Charles

Emmanuel Carabott July 21, 20104:48 pm

Well said Charles, I agree completely.